Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Last week a Utah court issued a default judgement under CAN SPAM in Zoobuh vs. Better Broadcasting et al. I think the court's opinion is pretty good, even though some observers such as very perceptive Venkat Balasubramani have reservations.

The main issues were whether Zoobuh had standing to sue, whether the defendants domain names were obtained fraudulently, and whether the opt-out notice in the spam was adequate.

Standing

The standing issue was easy. Zoobuh is a small ISP with 35,000 paying customers who spends a lot of time and money doing spam filtering, using their own equipment. That easily met the standard of being adversely affected by spam, since none of the filtering would be needed if it weren't for all the spam.

Domain names

CAN SPAM prohibits "header information that is materially false or materially misleading." The spammer used proxy registrations at eNom and Moniker. The first subquestion was whether using proxies is materially false. Under the California state anti-spam law, courts have held that they are, and this court found that the California law is similar enough to CAN SPAM that proxies are materially false under CAN SPAM, too.

Venkat has reservations, since in principle one can contact the domain owner through the proxy service, but I'm with the court here. For one thing, even the best of proxies take a while to respond, and many are in fact black holes, so the proxy does not give you useful information about the mail at the time you get or read the mail. More importantly, businesses that advertise are by nature dealing with the public, and there in no plausible reason for a legitimate business to hide from its customers. (Yes, if they put real info in their WHOIS they'll get more spam. Deal with it.)

CAN SPAM also forbids using a "domain name, ... the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations." Both eNom and Moniker's terms of service forbid spamming, so the court found that the senders obtained the addresses fraudulently, hence another violation. Venkat finds this to be circular reasoning, arguing that the court found the spam to be illegal because the spam was illegal, but in this case, he's just wrong.

Despite what some bulk mailers might wish, CAN SPAM does not define what spam is, and mail that is entirely legal under CAN SPAM can still be spam. eNom's registration agreement forbids "if your use of the Services involves us in a violation of any third party's rights or acceptable use policies, including but not limited to the transmission of unsolicited email". Moniker's registration agreement prohibits "the uploading, posting or other transmittal of any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes," or any other form of solicitation, as determined by Moniker in its sole discretion." There is no question that the defendants sent "unsolicited email" or "unsolicited advertising" and there's nothing circular about the court finding that the defendants did what they had agreed they wouldn't.

Opt out notice

The third issue is whether the spam contained the CAN SPAM required opt out notices. There were no notices in the messages themselves, but only links to remote images that presumably were supposed to contain the required text. As the court said:

The question presented to the Court in this case is whether Required Content provided in the emails through a remotely hosted image is clearly and conspicuously displayed. This Court determines that it is not.

One issue is that many mail programs do not display external images for security reasons or (as in my favorite program Alpine) because they don't display images at all. The court cites multiple security recommendations against rendering remote images, and concludes that there's nothing clear or conspicuous about a remote image. Even worse, the plaintiffs said that the remote images weren't even there if they tried to fetch them,

The real point here is that the senders are playing games. There is no valid reason to put the opt-out notice anywhere other than text in the body of the message, which is where every legitimate sender puts it.

Summary

Overall, I am pleased at this decision. The court understood the issues, was careful not to rely on any of the plaintiff's claims that couldn't be verified (remember that the defendant defaulted, so there was no counter argument) and the conclusions about proxy registrations and remote images will be useful precedents in the next case against spammers who use the same silly tricks.

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Related

There is an urgent need to clarify the GDPR's territorial scope. Of the many changes the GDPR will usher in this May, the expansion of EU privacy law's territorial scope is one of the most important. The GDPR provides for broad application of its provisions both within the EU and globally. But the fact that the GDPR has a broad territorial scope does not mean that every company, or all data processing activities, are subject to it. more

Cryptocurrencies (such as Bitcoin) are all the rage -- so, naturally, related domain name disputes are, too. The wild fluctuations in cryptocurrency prices (Bitcoin hit a low of close to $6,000 this week, after reaching an all-time high of more than $19,000 only two months ago, and less than $1,000 a year ago) have attracted speculators, regulators and now even cybersquatters. more

Black's Law Dictionary defines it as "the extraterritorial operation of laws; that is, their operation upon persons, rights or jural relations, existing beyond the limits of the enacting state, but still amenable to its laws. The term is used to indicate jurisdiction exercised by a nation in other countries, by treaty..." Extraterritoriality is also the most significant emerging development today in the law shaping virtual network architectures and services that includes OTT and NFV-SDN. more

The regulatory environment for brands and retailers that do business online is getting stricter thanks to regulatory changes in Europe with the General Data Protection Regulation (GDPR), as well as existing regulations in the U.S. Companies that adapt quickly can turn these changes into a competitive advantage. As we grapple worldwide with the implications of the incredible amount of personal data generated every day, consumers are pressuring brands and legislators alike for more control over their information. more

U.S. Chamber of Commerce President Thomas J. Donohue on January 10, 2018, warned that "techlash" is a threat to prosperity in 2018. What was he getting at? A "backlash against major tech companies is gaining strength -- both at home and abroad, and among consumers and governments alike." "Techlash" is a shorthand reference to a variety of impulses by government and others to shape markets, services, and products; protect local interests; and step in early to prevent potential harm to competition or consumers. more

Doug Isenberg notes in a recent CircleID essay that two records in domain name disputes were broken in 2017, namely number of cybersquatting claims (3,036 in 2016, 3,073 in 2017) and number of domain names implicated (5354 in 2016, 6370 in 2017). Fairly consistently from year to year, approximately twenty percent of filings are terminated (withdrawn): whether by settlement or nolo contendere we don't know. (All of these statistics come from the World Intellectual Property Organization (WIPO). more

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018. more

The year 2017 turned out to be a record-setting year for domain name disputes, in two ways: The number of complaints filed as well as the total number of domain names in those complaints. Specifically: The number of cases at WIPO crept up to 3,073 from 3,036 in 2016 (the previous record), a modest gain of just over 1 percent. Those cases included 6,370 domain names, up from 5,354 in 2016 (also a record-setting year), a spike of nearly 19 percent. more

The courts of the United Kingdom have set themselves outside the mainstream of Internet consensus policies on trademark/domain name disputes. A U.K. court decision regarding the UDRP reflects an unfortunate tendency to overlook one of the fundamental principles of the UDRP, namely the opportunity to seek independent resolution of a trademark/domain name dispute by court proceedings. more

The modus operandi of the Internet Corporation for Assigned Names and Numbers (ICANN) is achieving consensus. This also holds true for the principal rights protection mechanism that emerged from a two-year round of debates organized by the World Intellectual Property Organization (WIPO) that ICANN implemented in 1999 as the Uniform Domain Name Dispute Resolution Policy (UDRP). Consensus rules; not precedent, although consensus inevitably becomes that. more

Here's another example of a domain name dispute where the top-level domain (TLD) was essential to the outcome of the case -- because it formed a part of the complainant's trademark: mr.green. In this decision under the Uniform Domain Name Dispute Resolution Policy (UDRP), the panel joined a short but (slowly) growing list of disputes in which the TLD plays a vital role. more

Complainants have standing to proceed with a claim of cybersquatting under the Uniform Domain Name Dispute Resolution Policy (UDRP) if the accused "domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights" (4(a)(i) of the Policy). Quickly within the first full year of the Policy's implementation (2000) Panels construed "rights" to include unregistered as well as registered marks, a construction swiftly adopted by consensus. more

A look into the past reveals that continuous developments in weaponry technology have been the reason for arms control conventions and bans. The banning of the crossbow by Pope Urban II in 1096, because it threatened to change warfare in favour of poorer peasants, the banning of poisoned bullets in 1675 by the Strasbourg Agreement, and the Geneva protocol banning the use of biological and chemical weapons in 1925 after world war 1, all prove that significant technological developments have caused the world to agree not to use certain weapons. more

Recently, a colleague in the Bellisario College of Communications asked me who gets a freedom boost from the FCC's upcoming dismantling of network neutrality safeguards. He noted that Chairman Pai made sure that the title of the FCC's Notice of Proposed Rulemaking is: Restoring Internet Freedom. My colleague wanted to know whose freedom the FCC previously subverted and how removing consumer safeguards promotes freedom. more

Steeped deep in discussions around the European Union's General Data Protection Regulation (GDPR) for the past several months, it has occurred to me that I've been answering the same question for over a decade: "What happens if WHOIS data is not accessible?" One of the answers has been and remains the same: People will likely sue and serve a lot of subpoenas. This may seem extreme, and some will write this off as mere hyperbole, but the truth is that the need for WHOIS data to address domain name matters will not disappear. more

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead4522

A World-Renowned Source for Internet Developments. Serving Since 2002.